TRIDSO: Traffi c-based Reasoning IntrusionDetection System using Ontology

摘要

Many Intrusion Detection Systems are capable of detecting simple att acks. Complex att acks often consist ofa sequence of multiple simple att acks and are more diffi cult to identify, requiring the knowledge of experiencednetwork engineers. An ontology representation of the complex att acks can introduce meaning to the datacollected while monitoring the network, allowing the data to be understood by computers and the humanexpertise implemented. This will allow an Intrusion Detection System to identify complex att acks when theyoccur on a network. The details of this ontological representation and its implementation in the Traffi c-basedReasoning Intrusion Detection System using Ontology (TRIDSO) are described. A detailed example of howTRIDSO detected a complex att ack is explained. Lastly, a performance evaluation of TRIDSO was conductedand analyzed. TRIDSO was able to identify a variety of complex att acks. Due to performance outcomes, thecurrent implementation of TRIDSO is best utilized for post-att ack detection, which provides valuableevidence for security managers.